---

Control and security of corporate open-source projects proves difficult

Open source has become a staple for software development in the enterprise, but keeping track of it and maintaining security for it remains an elusive goal, according to a survey of more than 3,500 data architects and developers published today by Sonatype, which provides component lifecycle management products and also operates the Central Repository for downloading open-source software.

In spite of what is clearly considerable open-source usage — for example, 80% of a typical Java application is now assembled from open-source components and frameworks — 57% said their companies “lack any policy governing open-source usage” and 76% indicated a lack of meaningful controls related to software typically obtained at no cost though licensed.